Pridal: Pred 6 rokmi
The situation is different if you are using PowerShell. You still must escape most of the characters required by Active Directory, using the backslash "\" escape character, if they appear in hard coded Distinguished Names. However, PowerShell also requires that the backtick "`" and dollar sign "$" characters be escaped if they appear in any string that is quoted with double quotes. The backtick is also called the back apostrophe. If the string is quoted with single quote characters, then the backtick is taken literally and cannot be used to escape any characters. However, in single quoted strings, the "$" character is also taken literally and does not need to be escaped. The PowerShell escape character is the backtick "`" character. This applies whether you are running PowerShell statements interactively, or running PowerShell scripts.
I have not determined why, but the pound sign character "#" does not need to escaped as part of a hard coded Distinguished Name in PowerShell. This is despite the fact that when PowerShell retrieves a Distinguished Name that includes the "#" character, it is escaped with the backslash character. Also, the dollar sign "$" need not be escaped if it is the last character in a PowerShell string. Of course, it never hurts to escape any character.
If you use the [ADSI] accelerator, (or the equivalent [System.DirectoryServices.DirectoryEntry] class) or ADO in PowerShell, the forward slash character "/" must be escaped with the backslash "\" in Distinguished Names. The [ADSI] accelerator and ADO both use ADSI. But if you use the new Active Directory cmdlets installed with Windows Server 2008 R2, like Get-ADUser, the forward slash "/" does not need to be escaped. The new AD modules use the .NET Framework instead of ADSI.
Finally, if your PowerShell strings are quoted with double quotes, then any double quote characters in the string must be escaped with the backtick "`". Alternatively, the embedded double quote characters can be doubled (replace any embedded " characters with ""). Any single quote characters would not need to be escaped. Of course, the situation is reversed if the PowerShell string is quoted with single quotes. In that case, single quote characters cannot be escaped with the backtick "`", so you must double the embedded single quotes (replace any embedded ' characters with ''). Double quote characters would not need to be escaped (by PowerShell) in a single quoted string. The single quote (') character does not need to be escaped in Active Directory, but the double quote (") character does. This means that if you hard code a Distinguished Name in PowerShell, and the string is enclosed in double quotes, any embedded double quotes must be escaped first by a backtick "`", and then by a backslash "\". A few examples should clarify the situation. Below are some Common Names as they might appear using ADSI Edit, and how they must be hard coded as part of a Distinguished Name in PowerShell.
Name in ADUC Escaped in PowerShell string
Note the instances of " are replaced with \`", while $ and ` characters are both escaped with the backtick (because it is required in PowerShell) in strings quoted with double quotes, the $ character need not be escaped if the string is quoted with single quotes, and the + character is escaped with a backslash (because it is required in Active Directory). Also note that the # character does not need to be escaped in PowerShell, and the $ character need not be escaped if it is the trailing character in a string.
Source: http://www.rlmueller.net/PowerShellEscape.htm
I have not determined why, but the pound sign character "#" does not need to escaped as part of a hard coded Distinguished Name in PowerShell. This is despite the fact that when PowerShell retrieves a Distinguished Name that includes the "#" character, it is escaped with the backslash character. Also, the dollar sign "$" need not be escaped if it is the last character in a PowerShell string. Of course, it never hurts to escape any character.
If you use the [ADSI] accelerator, (or the equivalent [System.DirectoryServices.DirectoryEntry] class) or ADO in PowerShell, the forward slash character "/" must be escaped with the backslash "\" in Distinguished Names. The [ADSI] accelerator and ADO both use ADSI. But if you use the new Active Directory cmdlets installed with Windows Server 2008 R2, like Get-ADUser, the forward slash "/" does not need to be escaped. The new AD modules use the .NET Framework instead of ADSI.
Finally, if your PowerShell strings are quoted with double quotes, then any double quote characters in the string must be escaped with the backtick "`". Alternatively, the embedded double quote characters can be doubled (replace any embedded " characters with ""). Any single quote characters would not need to be escaped. Of course, the situation is reversed if the PowerShell string is quoted with single quotes. In that case, single quote characters cannot be escaped with the backtick "`", so you must double the embedded single quotes (replace any embedded ' characters with ''). Double quote characters would not need to be escaped (by PowerShell) in a single quoted string. The single quote (') character does not need to be escaped in Active Directory, but the double quote (") character does. This means that if you hard code a Distinguished Name in PowerShell, and the string is enclosed in double quotes, any embedded double quotes must be escaped first by a backtick "`", and then by a backslash "\". A few examples should clarify the situation. Below are some Common Names as they might appear using ADSI Edit, and how they must be hard coded as part of a Distinguished Name in PowerShell.
Name in ADUC Escaped in PowerShell string
cn=James "Jim" Smith "cn=James \`"Jim\`" Smith"
cn=James $ Smith "cn=James `$ Smith"
cn=James $ Smith 'cn=James $ Smith'
cn=Sally Wilson + Jones "cn=Sally Wilson \+ Jones"
cn=William O'Brian "cn=William O'Brian"
cn=William O'Brian 'cn=William O''Brian'
cn=William O`Brian "cn=William O``Brian"
cn=Richard #West "cn=Richard #West"
cn=Roy Johnson$ "cn=Roy Johnson$"
Note the instances of " are replaced with \`", while $ and ` characters are both escaped with the backtick (because it is required in PowerShell) in strings quoted with double quotes, the $ character need not be escaped if the string is quoted with single quotes, and the + character is escaped with a backslash (because it is required in Active Directory). Also note that the # character does not need to be escaped in PowerShell, and the $ character need not be escaped if it is the trailing character in a string.
Source: http://www.rlmueller.net/PowerShellEscape.htm